Fixed: Typos
[gigi.git] / tests / org / cacert / gigi / TestSSL.java
1 package org.cacert.gigi;
2
3 import java.io.EOFException;
4 import java.io.IOException;
5 import java.net.InetSocketAddress;
6 import java.nio.ByteBuffer;
7 import java.nio.channels.SocketChannel;
8 import java.security.NoSuchAlgorithmException;
9
10 import javax.net.ssl.SSLContext;
11 import javax.net.ssl.SSLEngine;
12 import javax.net.ssl.SSLEngineResult;
13 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
14 import javax.net.ssl.SSLException;
15
16 import org.junit.Test;
17
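/**
 * Checks that the TLS server listening on {@code localhost:443} refuses a
 * handshake that the client starts on an already established connection.
 *
 * <p>Client-initiated renegotiation lets a single connection make the server
 * repeat the expensive handshake over and over, which is why the test treats
 * a completed second handshake as a possible denial-of-service weakness.
 *
 * <p>The test passes only when the server ends the connection (TCP close or
 * TLS close). NOTE(review): a server that rejects the attempt with a fatal
 * alert would surface here as an {@link SSLException} and be reported as a
 * test error rather than a pass, and a server that silently ignores the
 * second ClientHello would leave the test blocked in a read, since no timeout
 * is set. TLS 1.3 has no renegotiation at all; confirm what the second
 * {@code beginHandshake()} does on the JDK and protocol version in use before
 * relying on the verdict.
 */
public class TestSSL {
    /** Destination for decrypted data produced by {@code SSLEngine.unwrap}; never read here. */
    private ByteBuffer in;
    /** TLS records received from the socket, kept in read mode between calls. */
    private ByteBuffer inC;
    /** TLS records produced by {@code SSLEngine.wrap}, written out immediately. */
    private ByteBuffer outC;
    /** Application-data source handed to {@code SSLEngine.wrap}; holds no real payload. */
    private ByteBuffer out;

    static {
        // Presumably installs the trust store used by the default SSLContext
        // below - confirm in InitTruststore.
        InitTruststore.run();
    }

    /**
     * Completes one handshake, starts a second one from the client side and
     * expects the server to close the connection instead of completing it.
     *
     * @throws NoSuchAlgorithmException if no default {@link SSLContext} is available
     * @throws IOException if the connection fails, including an
     *         {@link EOFException} when the server closes during the first handshake
     */
    @Test
    public void testClientIntitiatedRenegotiation()
            throws NoSuchAlgorithmException, IOException {
        SSLContext sc = SSLContext.getDefault();
        SSLEngine se = sc.createSSLEngine();

        // try-with-resources: the channel was previously never closed, so every
        // run (pass or fail) leaked a socket.
        try (SocketChannel s = SocketChannel.open(new InetSocketAddress("localhost", 443))) {
            int appSize = se.getSession().getApplicationBufferSize();
            int packetSize = se.getSession().getPacketBufferSize();

            in = ByteBuffer.allocate(appSize);
            inC = ByteBuffer.allocate(packetSize);
            inC.limit(0); // start empty in read mode so the first unwrap refills it
            out = ByteBuffer.allocate(appSize);
            outC = ByteBuffer.allocate(packetSize);
            outC.limit(0);

            se.setUseClientMode(true);
            se.beginHandshake();
            work(se, s); // initial handshake must succeed; any exception fails the test

            se.beginHandshake(); // second handshake on the same connection
            try {
                work(se, s);
            } catch (EOFException e) {
                // Expected outcome: the server closed the connection.
                return;
            }
            throw new AssertionError(
                    "Client re-negotiation succeeded (possible DoS vulnerability)");
        }
    }

    /**
     * Drives the engine until the current handshake is over.
     *
     * @param se engine in client mode with a handshake in progress
     * @param s connected channel carrying the TLS records
     * @throws SSLException if the engine rejects a record
     * @throws IOException if the socket fails; {@link EOFException} when the peer closes
     * @throws IllegalStateException if the engine reports a status this loop cannot advance
     */
    private void work(SSLEngine se, SocketChannel s) throws SSLException,
            IOException {
        while (true) {
            HandshakeStatus status = se.getHandshakeStatus();
            switch (status) {
                case NOT_HANDSHAKING:
                case FINISHED:
                    return;
                case NEED_WRAP:
                    wrap(se, s);
                    break;
                case NEED_UNWRAP:
                    unwrap(se, s);
                    break;
                case NEED_TASK:
                    // getDelegatedTask() returns null once nothing is pending,
                    // so drain every queued task instead of assuming exactly one.
                    Runnable task;
                    while ((task = se.getDelegatedTask()) != null) {
                        task.run();
                    }
                    break;
                default:
                    // No branch here can change this status, so looping on it
                    // would spin forever; fail loudly instead.
                    throw new IllegalStateException(
                            "Unexpected handshake status: " + status);
            }
        }
    }

    /**
     * Feeds received TLS records to the engine, reading more from the socket
     * when the engine needs them.
     *
     * @param se engine that consumes the records
     * @param s channel to read from
     * @return the result of the {@code unwrap} call
     * @throws EOFException if the peer closed the TCP connection or the TLS session
     * @throws IOException if reading from the socket fails
     * @throws SSLException if the engine rejects the received data
     */
    private SSLEngineResult unwrap(SSLEngine se, SocketChannel s)
            throws IOException, SSLException {
        if (!inC.hasRemaining()) {
            inC.clear();
            int read = s.read(inC);
            inC.flip(); // restore read mode before reporting end-of-stream
            if (read < 0) {
                throw new EOFException();
            }
        }

        SSLEngineResult result = se.unwrap(inC, in);
        SSLEngineResult.Status status = result.getStatus();

        if (status == SSLEngineResult.Status.CLOSED) {
            // The peer ended the TLS session without necessarily dropping TCP
            // first. Report it like a closed socket so the caller does not
            // mistake a refused renegotiation for a completed one.
            throw new EOFException();
        }
        if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            // Partial record: keep the unread bytes, append more, return to read mode.
            inC.compact();
            int read = s.read(inC);
            inC.flip();
            if (read <= 0) {
                throw new EOFException();
            }
        }
        return result;
    }

    /**
     * Lets the engine produce its next outgoing records and sends them.
     *
     * @param se engine that produces the records
     * @param s channel to write to
     * @return the result of the {@code wrap} call
     * @throws SSLException if the engine fails to produce the records
     * @throws IOException if writing to the socket fails
     */
    private SSLEngineResult wrap(SSLEngine se, SocketChannel s)
            throws SSLException, IOException {
        outC.clear();
        SSLEngineResult result = se.wrap(out, outC);
        outC.flip();
        // A single write() is not guaranteed to drain the buffer.
        while (outC.hasRemaining()) {
            s.write(outC);
        }
        return result;
    }
}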